> The security that the Secure By Design principle is referring to is
about protecting the user and their system from hostile content
>producers. For example, preventing cross-domain scripting attacks,
restricting access to a users file system, etc.
As Rob says, that then needs to made clear. I didn't glean this at all
from the current wording of the principle. Having said that, at a higher
layer, in terms of user interface security, my comments are still relevant.
Josh